CZACHOR, KRISTOPHER
2011-Oct-06 02:38 UTC
[Puppet Users] Applying policy based on network address
Hi all,

I'm trying to wrap my brain around this one and could use a little help/guidance. I have need to deploy software based on the network a system is in.

Has anyone had need or been able to do the following?:

(Pseudo code)
If 123.123.123.123 is in 123.123.123.0/24 or 234.234.234.234.0/24 (list/array of networks it could belong to) then ensure package is present.
-or-
If 123.123.123.123 is in 123.123.123.0/255.255.255.0 then ensure package is present.

Yes I suppose a case statement would work better.

Now I know from Facter I have the following _easily_ at my disposal: ipaddress and netmask. As easy as it would be to use the network_eth0 to get what network the host is in, I'm a little hesitant to go down that route since I can't rely on the eth0 part of network_eth0 being consistent. Fedora 15, for example, is using a new naming convention for their Ethernet interfaces. Mine is em1. I suppose I could figure out the eth0/em1 part by using the ipaddress and interfaces fact and use it to figure out the network_eth0/em1 and that would give me the network address. But this just seems like really too much freakin' work.

Anyone have anything simple and elegant? Is there some glaring feature of puppet/facter that I've overlooked that says ..."Duh!"

As always any help in advance is appreciated,

Kris
Craig White
2011-Oct-06 18:01 UTC
Re: [Puppet Users] Applying policy based on network address
On Oct 5, 2011, at 7:38 PM, CZACHOR, KRISTOPHER wrote:

> Hi all,
>
> I’m trying to wrap my brain around this one and could use a little help/guidance. I have need to deploy software based on the network a system is in.
>
> Has anyone had need or been able to do the following?:
>
> (Pseudo code)
> If 123.123.123.123 is in 123.123.123.0/24 or 234.234.234.234.0/24 (list/array of networks it could belong to) then ensure package is present.
> -or-
> If 123.123.123.123 is in 123.123.123.0/255.255.255.0 then ensure package is present.
>
> Yes I suppose a case statement would work better.
>
> Now I know from Facter I have the following _easily_ at my disposal: ipaddress and netmask. As easy as it would be to use the network_eth0 to get what network the host is in I’m a little hesitant to go down that route since I can’t rely on the eth0 part network_eth0 being consistent. Fedora 15, for example, is using a new naming convention for their Ethernet interfaces. Mine is em1. I suppose I could figure out the eth0/em1 part by using the ipaddress and interfaces fact and use it to figure out the network_eth0/em1 and that would give me the network address. But this just seems like really too much freakin’ work.
>
> Anyone have anything simple and elegant? Is there some glaring feature of puppet/facter that I’ve overlooked that says …”Duh!”
>
> As always any help in advance is appreciated,

----

create a custom fact...

    Facter.add("datacenter") do
      setcode do
        datacenter = "unknown"
        # Get current ip address from Facter's own database
        # (to_s guards against a missing ipaddress fact)
        ipaddr = Facter.value(:ipaddress).to_s
        # Regexp literals keep the escaped dots; in a double-quoted string
        # "\." collapses to "." and "^10\.1\." would also match 10.10.x.x
        # A data center
        if ipaddr =~ /^10\.3\./
          datacenter = "A"
        # C data center
        elsif ipaddr =~ /^10\.1\./
          datacenter = "C"
        # D data center
        elsif ipaddr =~ /^10\.0\./
          datacenter = "D"
        # E data center
        elsif ipaddr =~ /^10\.2\./
          datacenter = "E"
        # F data center
        elsif ipaddr =~ /^10\.10\./
          datacenter = "F"
        end
        datacenter
      end
    end

deploy based on custom fact...

    case $datacenter {
      default: { $ldap_servers = "ldap://ldap2.example.com ldap://ldap1.example.com" }
      A: { $ldap_servers = "ldap://ldap1.example.com ldap://ldap2.example.com" }
      B: { $ldap_servers = "ldap://ldap1.example.com ldap://ldap2.example.com" }
    }

Craig
CZACHOR, KRISTOPHER
2011-Oct-11 19:54 UTC
RE: [Puppet Users] Applying policy based on network address
Craig, thanks for your input. It certainly gave me some ideas for what I needed. I think I found a way to do exactly what I'm looking for. I'm not a Ruby wizard by any stretch of the imagination but I think this will work:

    # IPAddr and Socket::AF_INET come from the standard library
    require 'ipaddr'
    require 'socket'

    Facter.add("network") do
      setcode do
        ipaddy = Facter.value(:ipaddress)
        nmask = Facter.value(:netmask)
        if ipaddy && nmask
          # Mask the address with the netmask to get the network address
          ip = IPAddr.new(ipaddy, Socket::AF_INET)
          subnet = IPAddr.new(nmask, Socket::AF_INET)
          network = ip.mask(subnet.to_s).to_s
        end
      end
    end

This uses the already known ip address and subnet mask and I washed it through the same "get_network_value" code that's in the ip.rb file. I think with this network fact I can fairly easily apply policies based on network addresses.

-Kris
Dean Wilson
2011-Oct-14 12:50 UTC
Re: [Puppet Users] Applying policy based on network address
On Thu, Oct 06, 2011 at 02:38:28AM +0000, CZACHOR, KRISTOPHER wrote:

> (Pseudo code)
> If 123.123.123.123 is in 123.123.123.0/24 or 234.234.234.234.0/24 (list/array of networks it could belong to) then ensure package is present.
> -or-
> If 123.123.123.123 is in 123.123.123.0/255.255.255.0 then ensure package is present.

I wrote a function a while back that might make this easier for you:

https://github.com/deanwilson/puppet/blob/ip_in_range_function/lib/puppet/parser/functions/ip_in_range.rb

    if ( ip_in_range( '10.10.10.10', "10.0.0.0/8" ) ) {
      package { "example": ... }
    }

Dean

--
Dean Wilson http://www.unixdaemon.net @unixdaemon
http://www.puppetcookbook.com @puppetcookbook
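Added example (not part of any post in this thread, and not the code of the `ip_in_range` function linked above): one way to do the membership test from the original question in Ruby with the standard `ipaddr` library, comparing addresses numerically rather than by string prefix and accepting both CIDR and netmask notation. The policy map, its labels and ranges, and the helper names are assumptions made for the illustration.

```ruby
require 'ipaddr'

# Constructed sample policy (label => networks); labels and ranges are
# assumptions. IPAddr.new accepts both "a.b.c.d/len" and "a.b.c.d/netmask".
NETWORK_POLICY = {
  'A'   => ['10.3.0.0/16'],
  'C'   => ['10.1.0.0/16'],
  'F'   => ['10.10.0.0/255.255.0.0'],
  'lab' => ['123.123.123.0/24', '192.168.50.0/255.255.255.0']
}.freeze

# Parse an address or network string; return nil instead of raising on
# missing or malformed input (e.g. the five-octet "234.234.234.234.0/24").
def parse_network(text)
  return nil if text.nil? || text.to_s.strip.empty?
  IPAddr.new(text.to_s.strip)
rescue ArgumentError # IPAddr's invalid address/prefix errors subclass this
  nil
end

# True when ip lies inside at least one of the given networks.
# Unparseable entries are skipped rather than aborting the whole check.
def ip_in_any_range?(ip, networks)
  addr = parse_network(ip)
  return false if addr.nil?
  networks.any? do |net|
    range = parse_network(net)
    # Only compare within one address family (IPv4 vs IPv6)
    !range.nil? && range.family == addr.family && range.include?(addr)
  end
end

# Label of the first policy entry containing ip, or "unknown".
def network_label(ip, policy = NETWORK_POLICY)
  match = policy.find { |_label, nets| ip_in_any_range?(ip, nets) }
  match ? match.first : 'unknown'
end
```

Inside a custom fact's `setcode` block the same helper could be called as `network_label(Facter.value(:ipaddress))`, so that manifests branch on the returned label.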